With the recent spread of the #WannaCry (Update 6/27/17: and #Petya) ransomware over the past week, the IT community has been in a frenzy to patch vulnerable systems that are missing the MS17-010 patch that Microsoft released back in March 2017. If you need to scan your network for possible vulnerable systems, you can use a tool called NMap (or ZenMap for a GUI interface in Windows), with this NSE script available on GitHub. According to the GitHub description, “Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code execution vulnerability (ms2017-010). The script connects to the $IPC tree, executes a transaction on FID 0 and checks if the error “STATUS_INSUFF_SERVER_RESOURCES” is returned to determine if the target is not patched against CVE2017-010. Tested on a vulnerable Windows 7. We might have some issues with v2 protocols with signing enabled.”

Downloading The NSE smb-vuln-ms17-010.nse Script

Update: Update to version NMap 7.50 to get the most recent NSE script available.

Share This Story:

2 Comments

Just received an email or saw an article where MS is telling people to turn OFF SMBv1. I believe the guide to Windows 10 at WindowsCentral. Might want to head over there and check it out. I turned SMBv1 off per the instructions.

If it is possible in your environment, then turning off SMBv1 is definitely recommended. If you have an environment with mixed OSes between older Windows, MacOS, or Linux, then turning off SMBv1 might not be feasible.